Practitioner's Docket No. 770P009579-us(Prt) 



09/719609 

525 Rec'd PCT/PTO 13 DEC 2001? 



CHAPTER II 



Preliminary Classification: 
Proposed Class: 
Subclass: 

NOTE: m AJI applicants are requested to include a preliminary classification on newly filed patent 

applications. The preliminary classification, preferably class and subclass designations, should be 
identified in the upper right-hand comer of the letter of transmittal accompanying the application 
papers, for example 'Proposed Class 2, subclass 129." M.P.E.P., § 601, 7th ed. 



TRANSMITTAL LETTER 
TO THE UNITED STATES ELECTED OFFICE (EO/US) 

(ENTRY INTO UJS. NATIONAL PHASE UNDER CHAPTER H) 

INTERNATIONAL APPLICATION NO. INTERNATIONAL FILING DATE PRIORITY DATE CLAIMED 

prr/iisQQ/i.'Uftft 15 June 1999 15 June 1998 

TITLE OF INVENTION ~ 

TECHNIQUE FOR SECURING A SYSTEM CONFIGURATION OF A POSTAGE FRANKING SYSTEM 

APPLICANTS) ~~ ~ ~ 

Robert G. SCHUARTZ, George M. BROOKNER, Fetneh ESKANDARI , Allen A. CROWE, Mark E. SIM CIK 
Box PCT 

Assistant Commissioner for Patents 
Washington D.C. 20231 

ATTENTION: EO/US 



CERTIFICATION UNDER 37 C.F.R. f 1.10* 
(Express Mall label number h mandatory.) 
(Express Mail certification is optional.) 

I hereby certify that this Transmittal Letter and the papers indicated as being transmitted therewith is being 
deposited with the United States Postal Service on this date ^^g^l^^yl 000 in an envelope as 



-Express Mail Post Office to Addressee" Mailing Label Number . 
Assistant Commissioner for Patents, Washington, D.C. 20231 . 



addressed to the: 



(type < 



June Adams 
\pnkt name of 




fling i 



WARNING: 



•WARNING 



Sigratureybf person mailing paper 

Certificate of mailing (first class) or facsimile transmission procedures of 37 C.F.R. § 1.8 cannot be 
used to obtain a date of mailing or transmission for this correspondence. 
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NOTE: To avoid abandonment of the application, the applicant shall furnish to the USPTO, not later than 20 
months from the priority date: (1) a copy of the international application, unless it has been previously 
communicated by the International Bureau or unless it was originally fifed in the USPTO; and (2) the 
basic national fee (see 37 C.F.R. § 1.492(a)). The 30-month time limit may not be extended. 37 C.F.R. 
J 7.495. 

WARNING: Where the items are those which can be submitted to complete the entry of the international 
application into the national phase are subsequent to 30 months from the priority date the 
application is still considered to be in the international state and if mailing procedures are utilized 
to obtain a date the express mail procedure of 37 C.F.R. §1.10 must be used (since international 
application papers are not covered by an ordinary certificate of mailing — See 37 C.F.R. § 1.8. 

NOTE: Documents and fees must be clearly identified as a submission to enter the national state under 35 
U.S.C. § 371 otherwise the submission will be considered as being made under 35 U.S.C. § 111. 37 
C.F.R. § 1.494(f). 

I Applicant herewith submits to the United States Elected Office (EO/US) the following 
itsms uriper 35 U.S.C. § 371: 

lis express request to immediately begin national examination procedures 
35 U.S.C. § 371(f)). 

The U.S. National Fee (35 U.S.C. § 371(c)(1)) and other fees (37 C.F.R. § 1.492) 
as indicated below: 
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2. Fees 



l_r\ innO 

FEE 


(1) FOR 


(2) NUMBER 
FILED 


(3) NUMBER 
EXTRA 


(4) RATE 


(5) CALCULA- 
TIONS 


□* 


TOTAL 












72 


72 -20 = 


52 


X $18.00 = 


$ 936.00 




INDEPENDENT 
CLAIMS 












10 


10 "3 = 


7 


x $80.00 


560.00 




MULTIPLE DEPENDENT CLAIM(S) (if applicable) 


+ $270.00 




BASIC FEE** 


KJ U.S. PTO WAS INTERNATIONAL PRELIMINARY EXAMINATION 
AUTHORITY 

Whore an International preliminary examination fee as set forth 
in § 1.462 has been paid on the international application to the 
U.S. PTO: 

EI and the international preliminary examination report 
states that the criteria of novelty, inventive step (non- 
obviousness) and industrial activity, as defined in PCT 
Article 33(1) to (4) have been satisfied for all the 
claims presented in the application entering the 
national stage (37 C.F.R. § 1.492(a)(4)) $100.00 

D and the above requirements are not met (37 C.F.R. 


100.00 




□ U.S. PTO WAS NOT INTERNATIONAL PRELIMINARY 
EXAMINATION AUTHORITY 

Where no international preliminary examination fee as set forth 
in § 1.482 has been paid to the U.S. PTO, and payment of an 
international search fee as set forth in § 1.446(a)(2) to the U.S. 
PTO: 

□ has been paid (37 C.F.R. § 1.492(a)(2)) $710.00 

□ has not been paid (37 C.F.R. § 1.492(a)(3)) $1,000. 

□ where a search report on the international application 
has been prepared by the European Patent Office or 
the Japanese Patent Office (37 C.F.R. 






Total of above Calculations 


1,596.00 


SMALL 

PMT1TY 


Reduction by 1/2 for filing by small entity, if applicable. Affidavit 
must be filed also, (note 37 C.F.R. § 1.9, 1.27, 1.28) 






Subtotal 


1,596.00 




Total National Fee 


$ 

1,596.00 




Fee for recording the enclosed assignment document $40.00 (37 
C.F.R. § 1.21(h)). (See Item 13 below). See attached "ASSIGNMENT 
COVER SHEET". 


40.00 


TOTAL 


Total Fees enclosed 


$ 1,636.00 
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*See attached Preliminary Amendment Reducing the Number of Claims. 

i. SI A check in the amount of $i ,fnfi no to cover the above fees is enclosed. 

ii. □ Please charge Account No in the amount of $ 

A duplicate copy of this sheet is enclosed. 

"WARNING: To avoid abandonment of the application the applicant shall furnish to the United States Patent 
and Trademark Office not later than the expiration of 30 months from the priority date: * * * (2) 
the basic national fee (see § 1.492(a)). The 30-month time limit may not be extended. " 37 C.F.R. 
§ 7.495(b). 

WARNING: If the translation of the international application and/or the oath or declaration have not been 
submitted by the applicant within thirty (30) months from the priority date, such requirements may 
be met within a time period set by the Office. 37 C.F.R § 1.495(b)(2). The payment of the surcharge 
set forth in § 1.492(e) is required as a condition for accepting the oath or declaration later than 
thirty (30) months after the priority date. The payment of the processing fee set forth in § 1.492(f) 
is required for acceptance of an English translation later than thirty (30) months after the priority 
date. Failure to comply with these requirements will result in abandonment of the application. The 
provisions of§ 1.136 apply to the period which is set Notice of Jan. 3, 7993, 1147 O.G. 29 to 
40. 

3. D A copy of the International application as filed (35 U.S.C. § 371(c)(2)): 

NOTE: Section 1.495 (b) was amended to require that the basic national fee and a copy of the international 
application must be filed with the Office by 30 months from the priority date to avoid abandonment 
'The International Bureau normally provides the copy of the international application to the Office in 
accordance with PCT Article 20. At the same time, the International Bureau notifies applicant of the 
communication to the Office. In accordance with PCT Rule 47. 1, that notice shall be accepted by all 
designated offices as conclusive evidence that the communication has duly taken place. Thus, if the 
applicant desires to enter the national stage, the applicant normally need only check to be sure the 
notice from the International Bureau has been received and then pay the basic national fee by 30 months 
from the priority date." Notice of Jan. 7, 7993, 7747 O.G. 29 to 40, at 35-36. See item 14c below. 

a. □ is transmitted herewith. 

b. □ is not required, as the application was filed with the United States 
Receiving Office. 

c. K3 has been transmitted 

i. OD by the International Bureau. 

Date of mailing of the application (from form PCT/1B/308): 23 Decemb er 1999 

ii. □ by applicant on 

Date 

4. S3 A translation of the International application into the English language 

(35 U.S.C. § 371(c)(2)): 

a. □ is transmitted herewith. 

b. El is not required as the application was filed in English. 

c. □ was previously transmitted by applicant on 

Date 

d. □ will follow. 
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5. H3 Amendments to the claims of the International application under PCT Article 19 
(35 U.S.C. § 371(c)(3)): 

NOTE: The Notice of January 7, 1993 points out that 37 CF.R. § 1.495(a) was amended to clarify the existing 
and continuing practice that PCT Article 19 amendments must be submitted by 30 months from the 
priority date and Wis deadline may not be extended. The Notice further advises that: The failure to 
do so will not result in loss of the subject matter of the PCT Article 19 amendments. Applicant may 
submit that subject matter in a preliminary amendment filed under section 1. 121. In many cases, filing 
an amendment under section 1.121 is preferable since grammatical or idiomatic errors may be 
corrected." 1147 O.G. 29-40, at 36. 

a. □ are transmitted herewith. 

b. □ have been transmitted 

i. □ by the International Bureau. 
Date of mailing of the amendment (from form PCT/1 B/308): 

ii. □ by applicant on (date) 

Date 

c. Ek have not been transmitted as 

i. 0 applicant chose not to make amendments under PCT Article 19. 
Date of mailing of Search Report (from form PCT/ISA/210.): 10/5/99 

ii. □ the time limit for the submission of amendments has not yet expired. 
The amendments or a statement that amendments have not been made 
will be transmitted before the expiration of the time limit under 
PCT Rule 46.1. 

6. □ A translation of the amendments to the claims under PCT Article 19 
(38 U.S.C. § 371(c)(3)): 

a. □ is transmitted herewith. 

b. □ is not required as the amendments were made in the English language. 

c. □ has not been transmitted for reasons indicated at point 5(c) above. 

7. £3 A copy of the international examination report (PCT/IPEA/409) 
GD is transmitted herewith. 

□ is not required as the application was filed with the United States Receiv- 
ing Office. 

8. □ Annex(es) to the international preliminary examination report 

a. □ is/are transmitted herewith. 

b. □ is/are not required as the application was filed with the United States 
Receiving Office. 

9. □ A translation of the annexes to the international preliminary examination report 

a. □ is transmitted herewith. 

b. □ is not required as the annexes are in the English language. 
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10. Sk An oath or declaration of the inventor (35 U.S.C. § 371(c)(4)) complying with 

35 U.S.C. § 115 

a. □ was previously submitted by applicant on 

Date 

b. 0 is submitted herewith, and such oath or declaration 

i. £3 is attached to the application. 

ii. □ identifies the application and any amendments under PCT Article 
19 that were transmitted as stated in points 3(b) or 3(c) and 5(b); and 
states that they were reviewed by the inventor as required by 

37 C.F.R. § 1.70. 

iii. □ will follow. 

II. Other document(s) or information included: 

11. DB An International Search Report (PCT/ISA/210) or Declaration under 

PCT Article 17(2)(a): 

a. £] is transmitted herewith. 

b. □ has been transmitted by the International Bureau. 
Date of mailing (from form PCT/IB/308): 

c. □ is not required, as the application was searched by the United States 
International Searching Authority. 

d. □ will be transmitted promptly upon request. 

e. □ has been submitted by applicant on 

Date 

12. 83 An Information Disclosure Statement under 37 C.F.R. §§ 1.97 and 1.98: 

a. [£] is transmitted herewith. 

Also transmitted herewith is/are: 
\S Form PTO-1449 (PTO/SB/08A and 08B). 
S Copies of citations listed. 

b. □ will be transmitted within THREE MONTHS of the date of submission 
of requirements under 35 U.S.C. § 371 (c). 

c. □ was previously submitted by applicant on 

Date 

13. 0 An assignment document is transmitted herewith for recording. 

A separate ffl "COVER SHEET FOR ASSIGNMENT (DOCUMENT) ACCOMPA- 
NYING NEW PATENT APPLICATION" or □ FORM PTO 1595 is also attached. 
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14. 0 Additional documents: JC01 Rec'd PCT/PTO . 3 DEC 2000 

a. Q Copy of request (PCT/RO/101) 

b. 0 International Publication No. WO 99/6642 2 

i. jyj Specification, claims and drawing 

ii. □ Front page only 

c. □ Preliminary amendment (37 C.F.R. § 1.121) 

d. Ef Other 

PCT/IB/304 a PCT/IB/308, PCT/IPEA/401 , PCT/IB/332, PCT/IPEA/416,PCT/I PEA/409 
PCT/ISA/220, PCT/ISA/210 



15. SD The above checked items are being transmitted 

a. [3 before 30 months from any claimed priority date. 

b. □ after 30 months. 

16. □ Certain requirements under 35 U.S.C. § 371 were previously submitted by the 

applicant on , namely: 



AUTHORIZATION TO CHARGE ADDITIONAL FEES 

WARNING: Accurately count claims, especially multiple dependant claims, to avoid unexpected high charges 
if extra claims are authorized. 

NOTE: "A written request may be submitted in art application that is an authorization to treat any concurrent 
or future reply, requiring a petition for an extension of time under this paragraph for its timely submission, 
as incorporating a petition for extension of time for the appropriate length of time. An authorization to 
charge all required fees, fees under § 1.17, or all required extension of time fees will be treated as 
a constructive petition for an extension of time in any concurrent or future reply requiring a petition 
for an extension of time under this paragraph for its timely submission. Submission of the fee set forth 
in § 1.17(a) will also be treated as a constructive petition for an extension of time in any concurrent 
reply requiring a petition for an extension of time under this paragraph for its timely submission." 37 
C.F.R. § 1.136(a)(3). 

NOTE: "Amounts of twenty- five dollars or less will not be returned unless specifically requested within a 
reasonable time, nor will the payer be notified of such amounts; amounts over twenty-five dollars may 
be returned by check or, if requested, by credit to a deposit account" 37 C.F.R § 1.26(a). 

Efl The Commissioner is hereby authorized to charge the following additional 
fees that may be required by this paper and during the entire pendency of 
this application to Account No. 16-1350 

® 37 C.F.R. § 1.492(a)(1), (2), (3), and (4) (filing fees) 
WARNING: Because failure to pay the national fee within 30 months without extension (37 C.F.R. § 1.495(b)(2)) 
results in abandonment of the application, it would be best to always check the above box. 
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B 37 C.F.R. § 1.492(b), (c) and (d) (presentation of extra claims) 

NOTE: Because additional fees for excess or multiple dependent claims not paid on filing or on later presentation 
must only be paid or these claims cancelled by amendment prior to the expiration of the time period 
set for response by the PTO in any notice of fee deficiency (37 C.F.R. § 1.492(d)), it might be best 
not to authorize the PTO to charge additional claim fees, except possible when dealing with amendments 
after final action. 

B 37 C.F.R. § 1.17 (application processing fees) 

□ 37 C.F.R. § 1.17(a)(1H5) (extension fees pursuant to § 1.136(a). 

□ 37 C.F.R, § 1.1 8 (issue fee at or before mailing of Notice of Allowance, 
pursuant to 37 C.F.R. § 1.311(b)) 

NOTE: Where an authorization to charge the issue fee to a deposit account has been filed before the mailing 
of a Notice of Allowance, the issue fee will be automatically charged to the deposit account at the time 
of mailing the notice of allowance. 37 C.F.R. § 1.311(b). 

NOTE: 37 C.F.R. § 1.28(b) requires "Notification of any change in loss of entitlement to small entity status must 
be filed in the application . . . prior to paying, or at the time of paying . . . issue fee. " From the wording 
of 37 C.F.R. § 1.28(b): (a) notification of change of status must be made even if the fee is paid as "other 
than a small entity' and (b) no notification is required if the change is to another small entity. 

0 37 C.F.R. § 1.492(e) and (f) (surcharge fees for filing the declaration 
and/or filing an English translation of an International Application later 
than 30 months after the priority date). 



PLEASE SEND ALL CORRESPONDENCE TO: 

Reg. No.: 24,622 

Tel. No.: ( 203 ) 259-1800 

Customer No.: 2512 




SIGNATURE OF PRAC 

Clarence A. Green 



{type or print name of practitioner) 
PERMAN & GREEN, LLP 



P.O. Address 

425 Post Road, Fairfield, Connecticut 06430, USA 



PLEASE SEND ALL CORRESPONDENCE TO: 

Clarence A. Green 
PERMAN & GREEN, LLP 

425 Post Road, Fairfield, Connecticut 06430, USA 
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Description 



TECHNIQUE FOR SECURING A SYSTEM 



CONFIGURATION O F A POSTAGE FRANKING SYSTEM 



Technical Field 

The invention relates to a secure system 
configuration technique, and more particularly to a 
technique for protecting the integrity of components in a 
postage franking system. 

Background of the Invention 



franking systems for generating postage indicia on 
mailpieces. The format of the postage indicia is 
specified by a postal authority to facilitate its 
inspection. In the United States, much attention has 
been focused on an Information-Based Indicia Program 
(IBIP) by the United States Postal Service (USPS) , 
proposing, among other things, new requirements for the 
format of a postage indicium. Such new requirements were 
promulgated, e.g., in the ^Information Based Indicia 
Program (IBIP) Open System Indicium Specification," dated 
August 19, 1998. For instance, the IBIP requires 
inclusion of a 2 -dimensional (2-D) barcode in the postage 
indicium. Such a barcode represents postal information 
including postage, and a digital signature for 
authenticating the postal information, in accordance with 
a public key algorithm. One such public key algorithm 
may be the Digital Signature Algorithm (DSA) described, 



It is commonplace to use postage meters or 
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e.g., in "Digital Signature Standard (DSS)," FTPS PUB 
186 . May 19, 1994. 

In addition, under the IBIP, the requirements 
of a postal security device (PSD) supporting the creation 
of the postage indicium are specified, e.g., in the 
"Information Based Indicia Program (IBIP) Open System 
Postal Security Device (PSD) Specification," dated August 
19, 1998. In accordance with the IBIP requirements, the 
PSD provides the aforementioned digital signature in the 
postage indicium, and dispenses and accounts for a postal 
fund stored therein in a secure manner. 

With the advent of sophisticated and widely 
available general purpose computers, e.g., personal 
computers (PCs) , it has become possible to use one such 
computer, by installing an appropriate postage generation 
program therein, to print postage indicia on a printer. 
Thus, a franking system may comprise a PC, and a PSD and 
printer serving as peripherals thereto, in accordance 
with an "open system" configuration. An advantage of 
adopting the open system configuration is that other 
mailing application software may also be installed by the 
user in the same PC to effectively generate mailpieces 
along with the postage indicia. For example, such 
mailing application software may include a billing 
program for charging postage back to different accounts, 
an envelope program for printing an address and a postage 
indicium on an envelope, an address cleansing program for 
correcting mailing addresses, etc. 

However, the user of a franking system based on 
the open system configuration has full access to the 
hardware and software components in the system. As a 
result, these components including the aforementioned 
postage generation program are subject to tampering, and 
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frauduleiit manipulation to generate unauthorized postage 
indicia . 

Summary Of the Invention 

In accordance with the invention, an 
authorization code is used to secure the configuration of 
a franking system. The authorization code is derived in 
part from system configuration information concerning, 
e.g., the enabled and disabled feature options, current 
version number of software, and the identity of a 
computer in the franking system {e.g., the serial number 
of the computer) . Any unauthorized change in the system 
configuration results in an invalidation of the 
authorization code in the franking system, and denial of 
the franking operation. Thus, any system 

reconfiguration, e.g., a change in the feature options or 
software upgrade, must be effected using a new valid 
authorization code. Preferably, the authorization code 
verification is performed each time before the franking 
operation starts to forestall any fraudulent generation 
of postage indicia . 

In accordance with an aspect of the invention, 
software code, e.g., the object code of a postage 
generation program, in the franking system is subject to 
error checking thereof. Thus, the above authorization 
code is also derived from error checking information, 
e.g., cyclic redundancy check (CRC) bits or checksum of 
the software code. Any tampering of the software also 
results in an invalidation of the authorization code. 

In addition, to minimize the risk of fraudulent 
generation of postage indicia, f ranking-related software 
and hardware components by, e.g., third party vendors, 
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need to go through a pre-approval process before they are 
installed in the franking system to participate in the 
franking operation. For instance, in the pre -approval 
process, the components need to pass standardized tests 
to meet certain minimum requirements in, e.g., tamper 
resistance. In accordance with yet another aspect of the 
invention, a pre-approved software component is afforded 
a registration identifier which is necessary for the 
software component to participate in the franking 
operation. For example, the registration identifier 
needs to be produced for verification each time when the 
software component interacts with the aforementioned 
postage generation program. Similarly, a pre-approved 
hardware component is afforded a registration identifier 
which is necessary for its utility software to 
participate in the franking operation. 

It is an object of the invention to control the 
configurations of the franking systems in the field. To 
that end, .a data center keeps records of the latest 
configurations of the franking systems served by the data 
center, including the identities of the f ranking-related 
components in the respective systems. Such records can 
be used to control the configuration of each franking 
system. For example, with such records, the data center 
can generate the aforementioned authorization code for 
verification in each franking system to enforce its 
configuration . 

It is another object of the invention to 
effectively conduct online transactions using postage 
funds. To that end, the aforementioned data center also 
keeps a customer account for replenishing a postage fund 
in each franking system. For example, software or a 
feature option for the franking system may be purchased 



WO 99/66422 PCT/US99/1 3488 

-5- 

through a communication connection with the data center. 
Such an online transaction involves the data center's 
downloading the software to, or enabling the feature 
option of, the franking system through the communication 
5 connection, with the price of the software or feature 
option debited from its customer account in the data 
center . 

Brief Description of the Drawing 

10 Further objects, features and advantages of the 

invention will become apparent from the following 
detailed description taken in conjunction with the 
accompanying figures showing illustrative embodiments of 
the invention, in which: 
15 Fig. 1 illustrates a franking system which is 

capable of communicating with a remote data center in 
accordance with the invention; 

Fig. 2 illustrates the format of each record in 
a database in the remote data center ; 
20 Fig. 3 is a block diagram of a postal security 

device used in the franking system; 

Fig. 4 is a flow chart depicting the steps of a 
postage generation program used in the franking system; 

Fig. 5 illustrates a postage indicium generated 
25 by the postage generation program; 

Fig. 6 illustrates an authorization code which 
needs to be verified in reconfiguring the franking 
system; 

Fig. 7 is a flow chart depicting the steps 
30 taken by the franking system to verify the authorization 
code ; 
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Figs. 8A and 8B jointly illustrate a process 
whereby the franking system can be remotely reconfigured 
through a communications connection; 

Fig. 9 shows a variation of the design of the 
5 authorization code; 

Fig. 10 illustrates a memory map of storage of 
feature option values ; 

Fig. 11 illustrates a process for generating 
the authorization code of Fig. 9 in changing a feature 
10 option in the franking system; 

Fig. 12 illustrates a process for changing the 
feature option in the franking system using the 
authorization code of Fig. 9; 

Fig. 13 illustrates a second process for 
15 changing the feature option in the franking system using 
the authorization code of Fig. 9; 

Fig. 14 illustrates a memory map of storage of 
software version numbers ; 

Fig. 15 illustrates a process for updating a 
20 software version number in the franking system; and 

Figs. ISA, 16B and 16C jointly illustrate a 
process for printing addresses and a postage indicium on 
an envelope using pre-approved components in the franking 
system. 

25 

Detailed Description 

Fig. 1 illustrates franking system 100 
embodying the principles of the invention for realizing 
mailing applications and generating postage indicia on 
30 mailpieces. In this particular illustrative embodiment , 
system 100 is configured as an open system,, where 
computer 105 may be a conventional personal computer ( PC) 
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serving as a host device, and where PSD 110, printer 115 
and modem 120 are peripherals to computer 105. 
Alternatively, computer 105 may be a workstation or any 
other general purpose computing machine. Computer 105 
5 may cause modem 12 0 to establish a communication 

connection through a communications network to, say, 
remote data center 125. Although modem 120 in this 
instance is shown as an external modem, it will be 
appreciated that any internal modem within computer 105 

10 may be used, instead. 

Data center 125 includes processor 13 0 which, 
among other things, maintains database 140 and 
registration identifiers 145 stored in memory 135 to 
serve different franking systems, e.g., franking system 

15 100, communicates therewith to replenish their postage 

funds, and provides authorization codes to control their 
configurations in accordance with the invention. 

Database 14 0 contains records concerning the 
respective franking systems served by data center 125. 

20 Fig. 2 illustrates the format of each record in database 
140. In this instance, each franking system is 
identified by a PSD serial number in field 161 pre- 
assigned to its PSD. Field 163 contains account 
information such as a prefunded or credit escrow account 

25 balance for the franking system for conducting a 

telemeter setting (TMS) transaction described below. 
Field 165 includes configuration information (described 
below) concerning the configuration of the franking 
system to protect its integrity in accordance with the 

3 0 invention. 

Fig. 3 illustrates PSD 110 which in this 
instance is realized as an integrated circuit (IC) module 
peripheral to computer 105. PSD 110 comprises secure 
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memory 200, processing unit 210 including one or more 
processors, and communications interface 220 (realizable 
as PCMCIA, serial or parallel interface) for interfacing 
with and insertion into a corresponding mating port (not 
5 shown) in computer 105. 

Secure memory 2 00 is a nonvolatile memory which 
includes, among others, ascending register 23 0 and 
descending register 235. Ascending register 230 is used 
to keep track of an amount of postage dispensed. On the 

10 other hand, descending register 235 is used to keep track 
of the postage fund amount available for postage 
dispensation. When the value of descending register 235 
decreases over time below a predetermined limit, computer 
105 can no longer dispense postage until descending 

15 register 23 5 is reset. Such a reset may be achieved by 
way of electronic funds transfer, in accordance with a 
well-known TMS technique, via a communication connection 
(e.g., a dial-up connection or an Internet connection) to 
data center 125 through modem 120. 

2 0 Using the TMS technique in this instance, the 

user need not carry PSD 110 to a postal authority for 
authorized resetting of descending register 235. To 
initiate a TMS process on computer 105, the user needs to 
meet certain access requirements. For example, the user 

25 may be required to enter a password, key, or biometric 
input (e.g., fingerprint) on computer 105 using an 
appropriate input device attached to computer 105. 
Verification of such an access entry ensures that the 
user is authorized to conduct such a process. After the 

30 access entry is verified, computer 105 initiates a call 
through modem 120 (alternatively via the Internet) to 
data center 125, requesting additional postage funds. 
Upon receipt of the call, processor 130 verifies in a 
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well known manner the current ascending and descending 
register values and other PSD data in secure memory 200 
of PSD 110, and ascertains the availability of funds in 
the prefunded or credit escrow account of system 100. 
After the PSD data is validated and the account balance 
is found to be sufficient, processor 130 debits the 
account and remotely resets descending register 235 in 
PSD 110 accordingly. 

System 100 in this instance may be used to 
generate postage indicia in accordance with the United 
States Postal Service (USPS ) Information Based Indicia 
Program (IBIP) specification, namely, the "Information 
Based Indicia Program (IBIP) Open System Indicium 
Specif ication, " dated August 19, 1998. To that end, 
secure memory 200 also includes a well-known digital 
signature algorithm (DSA) described, e.g., in "Digital 
Signature Standard (DSS)," ftps pub 186 , May 19, 1994; 
and a private key and the corresponding public key in 
accordance with the DSA. The public key may be made 
available to the public in a PSD certificate in the 
postage indicia. For instance, using the DSA, unit 210 
may sign specified postal data with an associated private 
key to generate a different digital signature to be 
included in each postage indicium. The postal authority 
then scans the postage indicium and verifies the digital 
signature to authenticate the postage indicium, in 
accordance with the DSA. It should be noted that instead 
of the DSA of the DSS, another well-known data 
authentication algorithm such as the RSA or Elliptic 
Curve algorithm may be used. 

For postage franking operation, computer 105 is 
loaded with software components including postage 
generation program 3 00 for generating postage indicia. 
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Fig. 4 illustrates program 3 00 stored in a memory (not 
shown) in computer 105. Instructed by program 300, 
computer 105 prompts the user to enter mailing 
information concerning the destination zip code, weight, 
mail class (or rate category) , any special services, 
etc., of a mailpiece to be mailed, as indicated at step 
3 05. Assuming in this instance that a rate module is 
pre- installed in computer 105 which provides postage rate 
information, computer 105 at step 310 calculates the 
required postage based on the user entries and postage 
rate information. Otherwise, the user would be prompted 
to enter the required postage value for mailing the 
mailpiece. At step 313, computer 105 sends the data 
concerning the mail class and postage value to PSD 110, 
Instructed by a subroutine of program 3 00, unit 210 in 
PSD 110 deducts the required postage value from the 
available postal fund in descending register 235, and 
accordingly adds same to the dispensed fund in ascending 
register 23 0 to account for the transaction, as indicated 
at step 315. At step 317, unit 210 in accordance with 
the DSA of the DSS signs postal data concerning the mail 
class, postage value, ascending and descending register 
values, and date of mailing, together with other data 
pre -stored in memory 2 00 such as the software ID 
identifying program 3 00, device ID identifying PSD 110, 
and licensing zip code, resulting in a digital signature 
for authenticating the postage indicium to be generated. 
At step 320, computer 105 receives from PSD 110 the 
digital signature, ascending and descending register 
values, etc. At step 325, computer 105 prepares a print 
image of a postage indicium representing the required 
postal data and digital signature. Alternatively, unit 
210 itself may create the print image of the postage 
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indicium and pass it onto computer 105. Upon receiving a 
print command, computer 105 transmits the print image to 
printer 115, which then prints the postage indicium on a 
label or an envelope fed to printer 115. 
5 Fig. 5 illustrates one such postage indicium 

500 which serves as proof of postage payment. Indicium 
500 includes human readable portion 555 and machine 
readable portion 560. Portion 555 may include, e.g., the 
date of mailing, postage, device ID, originating town and 

10 zip code, mail class, etc. Machine readable portion 560, 
which is readable using an optical scanner, may include a 
2 -dimensional barcode representing data concerning the 
device ID, ascending and descending register values, 
postage value, digital signature, date of mailing, 

15 licensing zip code, software ID, PSD certificate, mail 

class, etc. Alternatively, machine readable portion 560 
may comprise one or more data matrix symbols representing 
similar data, as described in PCT International 
Publication No. WO 99/16023, published on April 1, 1999. 

2 0 Because of the open system configuration of 

franking system 100, the user has full access to hardware 
and software components in system 100. As a result, 
these components, e.g., postage generation program 300 
described above, are subject to tampering and 
25 unauthorized use. In accordance with the invention, 

verification of an authorization code is required from 
time to time to prevent tampering and unauthorized use of 
the components of system 100. 

Fig. 6 illustrates one such authorization code 

3 0 6 00 used to prevent any tampering and unauthorized use of 

postage generation program 3 00 described above, and 
feature options available in system 100 which may 
include, e.g., a label printing option and other printer 
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options, a barcode scanner option, etc. System 100 is 
pre-loaded with software components necessary for 
providing these options. A valid authorization code, 
which is unique to system 100, needs to be entered onto 
5 system 100 in order to install or upgrade the code of 

program 3 00, and/or enable new feature options selected 
by the user. In response to a user request for a system 
reconfiguration involving the program code and/or feature 
options, authorization code 600 is generated by processor 

10 13 0 in data center 125 and then provided either to the 

user via facsimile, email, telephone, etc., for the user 
to enter onto system 100 using, e.g., a keyboard attached 
to computer 105, or to system 100 directly via the 
aforementioned communication connection between data 

15 center 125 and system 100. As shown in Fig. 6, 

authorization code 600 consists of m-bit electronic 
signature 605 and n-bit encrypted option segment 610, 
where m and n are predetermined integers. To generate 
electronic signature 605, for example, a combination of 

20 (a) the identity of computer 105, which in this instance 
is the serial number of computer 105, (b) the hardware 
configuration identifier of computer 105, e.g., 
indicative of the type of processor and RAM capacity in 
computer 105, (c) the serial number of PSD 110, (d) the 

25 software version number of program 3 00, (e) error 

checking information, e.g., in this instance cyclic 
redundancy check (CRC) bits, resulting from performing a 
CRC on the code of program 3 00 , and (f) an option number 
whose bit pattern corresponds to a particular combination 

3 0 of the enabled and disabled feature options for the 
postage franking operation. Item (c) is provided in 
field 161, and items (a), (b) , and (d) through (f) are 
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provided in field 165 of the record pertaining to system 
100 in database 140. 

It should be noted at this point that item (e) 
in this instance is obtained by running a well known CRC 
algorithm, e.g., Reed Solomon CRC algorithm, on the 
object code of program 3 00 which is authorized in system 
100. Alternatively, a checksum derived in a conventional 
manner from the object code may be used. 

The derivation by processor 13 0 of electronic 
signature 6 05 involves encrypting the combination of 
items (a) through (f) in accordance with a first well 
known encryption algorithm. Signature 605 is then 
derived from the encrypted version of the combination of 
the items, e.g., by extracting therefrom a predetermined 
sequence of m bits. Alternatively, signature 605 may be 
generated using a well known symmetric or asymmetric key 
cryptographic methodology. 

On the other hand, encrypted option segment 610 
is generated by encrypting only the option number (f) in 
accordance with a second well known encryption algorithm. 
Alternatively, segment 610 may be unencrypted, i.e., 
containing the plain text of option number (f ) . 

It suffices to know for now that after system 
100 enters a reconfiguration mode where authorization 
code 600 is entered, code 600 is stored in authorization 
code buffer 241. Encrypted option segment 610 of code 
600 is subsequently decrypted to recover the underlying 
option number. Using the recovered option number (f) and 
additional items in system 100 which are identical to 
aforementioned items (a) through (e) , and the same first 
encryption algorithm in the above -described manner, 
system 10 0 is capable of independently generating an 
electronic signature identical to electronic signature 
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605 of code 600. In any event, the generated signature 
is compared with electronic signature 605 in buffer 241. 
If the two signatures match, the authorization code is 
declared valid. Otherwise, if they do not match, the 
5 franking operation by system 100 is suspended. 

It should be noted at this point that the 
authorization code verification requirement is desirable 
in that it helps deter unauthorized copying of software 
in system 100, e.g., program 300, onto other similar 

10 systems. This stems from the fact that even though the 
software can be copied onto the similar systems, the 
latter would not be able to perform the franking 
operation without proper authorization codes, which need 
to be derived in part from their respective unique 

15 computer and PSD serial numbers. In addition, because 
authorization code 600 is partly derived from 
aforementioned item (e) , tampering of the software is 
prevented as any such tampering results in a deviation 
from the valid CRC bit values, causing invalidation of 

20 the authorization code. Moreover, since system 100 would 
only be able to perform franking operation with a proper 
authorization code, which specifies a valid combination 
of software and hardware components, and feature options 
in system 100, the authorization code verification 

25 requirement thus enables data center 125 to control the 
configuration of each franking system served thereby. 

As mentioned before, each bit of the option 
number (f) corresponds to a feature option of franking 
system 100. Each option, which is initially disabled, 

3 0 may be selectively enabled by setting the appropriate 
bits of the option number (f) to the opposite value. 
Thus, for example, if a user wants to enable a. previously 
disabled label printing option, a proper authorization 



WO 99/66422 



PCT/US99/13488 



-15- 

code needs to be entered on system 100 while in a 
reconfiguration mode, causing the bit in the option 
number (f) corresponding to the label printing option to 
change to the opposite value to enable the option. 
System 100 effects the feature options according to the 
bit pattern of the option number stored in option number 
buffer 243 in memory 200. In this particular 
illustrative embodiment, the recovered option number from 
decrypting segment 610 of authorization code 600 
overwrites the current option number in buffer 243 
irrespective of the outcome of the validation of 
authorization number 600. That is, system 100 
immediately effects the feature options according to the 
recovered option number as soon as it is placed in buffer 
243, irrespective of the outcome of the validation. 

After the feature options are effected in the 
prescribed manner in the reconfiguration mode, system 10 0 
returns to a normal operation mode. When postage 
generation program 3 00 is invoked to perform the franking 
operation in the normal operation mode, unit 210 reads 
from memory 2 00 (i) the serial number of computer 105, 
(ii) the hardware configuration identifier of computer 
105, <iii) the serial number of PSD 110, and (iv) the 
software version number of program 300, which are 
collected by unit 210 and stored in memory 200. Unit 210 
also obtains (v) CRC bits based on running the 
aforementioned CRC algorithm on the latest code of 
program 300 in system 100, and (vi) the option number 
from buffer 243. Unit 210 independently generates an 
electronic signature using items (i) through (vi) and the 
aforementioned first encryption algorithm in a similar 
manner to processor 13 0 generating electronic signature 
605 in data center 125. The electronic signature, thus 
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generated', is compared with the electronic signature 
stored in buffer 241, i.e., the first m bits of 
authorization code 600 therein. If there is no mismatch, 
generation of postage indicia using program 3O0 is 
5 allowed. Otherwise if there is any mismatch, a message 
such as "Invalid Authorization Code" is displayed on 
computer 105, and generation of postage indicia is 
halted. 

Where authorization code 600 is entered by user 

10 onto system 100, in view of the possibility tlaat the user 
makes an erroneous authorization code entry, the user is 
afforded a limited number of times to re-enter the 
correct authorization code after the message is 
displayed. After the limited number of times is 

15 exhausted, proper resetting of system 100 by authorized 
personnel is needed to re-enable the system to perform 
the franking operation. 

For installing or upgrading a software 
component, e.g., the code of postage generation program 

2 0 3 00, the user may be provided with a compact disk (CD) , 
or another conventional storage medium, e.g., a floppy 
disk, IC module, digital video disk (DVD), etc., 
containing the necessary software, and authorization code 
60 0 on the storage medium package which is generated in 

25 data center 125 for verification after the software 

installation or upgrade. The new software version number 
of program 3 00 may be embedded in the header of the 
program. When the software installation or upgrade is 
performed, the new software version number is read by 

30 computer 105 and transferred to memory 200 where the new 
software version number replaces the current software 
version number (iv) . 
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* After the software installation or upgrade in 
the reconfiguration mode, system 100 returns to the 
normal operation mode. When postage generation program 
3 00 is invoked to perform the franking operation in the 
5 normal operation mode, the user is prompted for 

authorization code 600 on the storage medium package. 
Authorization code 600 is then verified according to the 
steps similar to those in the above-described 
verification after effecting new feature options. 

10 Specifically, unit 210 stores in buffer 241 authorization 
code 600 entered by the user, as indicated at step 701 in 
Fig. 7. At step 702, unit 210 causes the decryption of 
encrypted option segment 610 of authorization code 600 in 
buffer 241, thereby recovering the underlying option 

15 number (vi) . Such decryption is accomplished using a 
decryption algorithm inverse to the second encryption 
algorithm. At step 703, processor 201 stores the 
recovered option number in buffer 243, although in this 
instance the recovered option number is identical to 

20 current option number in buffer 243. At step 704, unit 
210 runs the CRC algorithm on the latest code of postage 
generation program 3 00, thereby obtaining item (v) . At 
step 705, unit 210 reads the above items (i) through (iv) 
from memory 200, where item (iv) has the latest software 

25 version number of program 300. At step 706, unit 210 
independently generates an electronic signature using 
items (i) through (vi) , and the first encryption 
algorithm in a similar manner to processor 13 0 generating 
electronic signature 605 in data center 125. Unit 210 at 

30 step 707 compares the generated electronic signature with 
electronic signature 605 of authorization code 600 in 
buffer 241. The authorization code is validated if unit 
210 finds that the two electronic signatures match. 
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Otherwise," a message such as "Invalid Authorization Code" 
is displayed on computer 105, and generation of postage 
indicia is halted. 

It should be noted that the above authorization 
5 code verification is performed not only after system 100 
is reconfigured, but preferably each time, or from time 
to time, when postage generation program 300 is invoked 
in the normal operation mode. Thus, preferably each 
time, or from time to time, before the franking operation 

10 is initiated, processor 201 performs above steps 702 
through 707 for fear that the components of franking 
system 100 are tampered in the meantime. 

It should also be noted that the above 
authorization code verification may also be performed via 

15 direct communications between data center 125 and 

franking system 100, thereby obviating the need of having 
the user enter the authorization code. Figs. 8A and 8B 
jointly illustrate remote reconfiguration process 800 
whereby a user can purchase a new feature option or 

20 software online, and whereby authorization code 600 is 
verified via direct communications between data center 
125 and system 100. Process 800 may be invoked by the 
user's entering a specified command on computer* 105. 
Similar to the above -described TMS process for requesting 

25 additional postage, process 800 starts with prompting the 
user for an access entry (e.g., a password, key or 
biometric input) on computer 105, as indicated at step 
8 06 in Fig. 8A. Verification of such an access entry 
ensures that the user is authorized to conduct the remote 

30 reconfiguration process. After the access entry is 
verified at step 809, computer 105 at step 812 
establishes a communication connection with data center 
125 via modem 120. Through the established connection, 
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processor' 130 in data center 125 performs initial 
handshaking with franking system 100 according to a pre- 
agreed upon communication protocol, thereby identifying 
at step 815 franking system 100, e.g., by its PSD serial 
number. Based on the PSD serial number, processor 13 0 at 
step 818 locates in database 140 the record pertaining to 
franking system 100. 

At step 821, processor 130 reviews fields 163 
and 165 of the located record for the current escrow 
account balance and configuration information of system 
100, respectively. Based on the current configuration of 
system 100, processor 130 at step 824 causes computer 105 
to display a menu thereon containing selections of any 
new software available for downloading, and currently 
disabled options for activation. The menu also indicates 
the current escrow account or credit balance, the prices 
for downloading any new software having a new version 
number, and for activating one or more of the disabled 
options. Assuming that in this example the user wants to 
activate a previously disabled option, say, option A in 
the menu, the user may use a mouse device (not shown) 
attached to computer 105 to select option A. 

At step 827, computer 105 communicates the 
user's selection of option A to processor 130. Upon 
receiving the option selection, processor 13 0 at step 83 0 
debits the price of option A from the current escrow 
account balance, resulting in a new balance in field 163. 
Accordingly, processor 130 at step 833 changes the value 
of the bit in the option number (f ) in field 165 
corresponding to option A, reflecting an activation of 
option A. At step 836, processor 130 generates 
authorization code 600 consisting of electronic signature 
605 and encrypted option segment 610. As mentioned 
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before, electronic signature 605 is derived from an 
encrypted version of items (a) through (f) in field 165 
of the record pertaining to system 100. Encrypted option 
segment 610 is obtained by encrypting the option number 
(f) alone. Authorization code 600 is then transmitted 
from data center 125 to system 100 through the 
established communication connection, as indicated at 
step 839. The communication connection is thereafter 
terminated. 

The remaining steps in process 800 are similar 
to those in routine 700 described before. Specifically, 
similar to step 701, step 841 in Fig. 8B involves storing 
received authorization code in buffer 241. Similar to 
step 702, step 843 involves decryption of encrypted 
option segment 610 of authorization code 600 to recover 
the underlying option number (vi) , which in this instance 
indicates the activation status of option A. Similar to 
step 703, step 845 involves storing the recovered option 
number in buffer 243, thereby activating option A. 
Similar to step 704, step 847 involves running the CRC 
algorithm on the latest code of postage generation 
program 3 00, thereby obtaining item (v) . Similar to step 
705, step 849 involves reading items (i) through (iv) 
from memory 200. Similar to step 706, step 851 involves 
independently generating an electronic signature using 
items (i) through (vi) , and the first encryption 
algorithm. Similar to step 707, step 853 involves 
comparing the generated electronic signature with 
electronic signature 605 of authorization code 600 in 
buffer 241. Again, the authorization code is validated 
if unit 210 finds that the two electronic signatures 
match. Otherwise, an "Invalid Authorization Code" 
message would be displayed on computer 105, and 
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generation of postage indicia would be halted as 
described before. 

Based on the disclosure heretofore, it is 
apparent to a person skilled in the art that where the 
user chooses to purchase new software online, instead, 
the steps in process 800 similarly follow, except that in 
that case, at step 83 9 the new software, including the 
new software version number therein, would be downloaded 
from data center 125 to system 100, along with the 
transmission of authorization code 600 thereto. 

Variations of the design of the authorization 
code which call for different verification techniques 
will now be described. In accordance with a first design 
variation, the authorization code is generated by 
encrypting items (a) through (f) using a standard 
encryption algorithm in data center 125. After such an 
authorization code is provided to system 100, the latter 
decrypts the received authorization code using a 
decryption algorithm inverse to the standard encryption 
algorithm, thereby recovering the underlying items (a) 
through (f ) . Items (i) through (v) are then obtain in 
system 10 0 in the manner described before, and compares 
them with the corresponding, recovered items (a) through 
(e) . The authorization code is validated if the two sets 
of items match. 

If the authorization code of the first design 
variation is not validated because of certain mismatched 
items, it may be desirable to show on computer 125 such 
mismatched items for diagnostic purposes. For example, 
if it is shown that item (d) does not match item (iv) , a 
wrong software version of program 300 may have been 
installed in system 100. It may be a manufacturing 
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defect if' the authorization code invalidation occurs 
during the very first time of the franking operation. 

Fig. 9 illustrates a second variation of the 
authorization code design. In accordance with this 
variation, authorization code 900 includes m-bit 
electronic signature 905 which is generated in the same 
manner as electronic signature 605. Authorization code 
900 also includes encrypted reconfiguration segment 910 
having a variable length. The formation of segment 910 
is fully described below. It suffices to know for now 
that the length of segment 910 depends on the actual 
reconfiguration which needs to be realized. 

In a first example where authorization code 900 
may be used, a user requests an activation of a currently 
disabled feature option, say, option C. In accordance 
with an aspect of the invention, for each feature option, 
a pair of memory locations are allocated in memory 200 of 
PSD 110 to pre-store w l" and "0" bit values representing, 
e.g., an "enabled" status and a "disabled" status of the 
option, respectively. The resulting memory map is 
illustrated in Fig. 10. As shown in Fig. 10, a first 
pair of memory addresses 1A2B (hexadecimal) and 1A2C in 
memory 200 correspond to feature option A, where "0" is 
pre-stored at memory address 1A2B and "1" is pre-stored 
at memory address 1A2C; a second pair of memory addresses 
1A2D and 1A2E in memory 2 00 correspond to feature option 
B, where "0" is pre-stored at memory address 1A2D and "1" 
is pre-stored at memory address 1A2E; a third pair of 
memory addresses 1A2F and 1A3 0 in memory 200 correspond 
to feature option C, where n 0" is pre-stored at memory 
address 1A2F and "1" is pre-stored at memory address 
1A3 0; and so on and so forth. This memory map is made 
known to data center 12 5 beforehand and registered in 
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field 165 'of the record pertaining to system 100 in 
database 140. 

Continuing the above example, assuming that the 
request for activating feature option C is granted, 
5 processor 13 0 in data center 125 changes the value of the 
bit in option number (f) corresponding to option C from 
the previous value "0" to the new value w l" to activate 
the option, as indicated at step 1103 in Fig- 11. 
Processor 13 0 at step 1106 generates electronic signature 

10 905 based on items (a) through (f) in the manner 

described before, where option number (f) incorporates 
the new bit value w l" corresponding to option C. 

Processor 13 0 then generates encrypted 
reconfiguration segment 910. Specifically, at step 1109 

15 processor 13 0 looks up from the aforementioned registered 
memory map the memory address corresponding to option C 
at which the new bit value u l" is pre-stored in memory 
200. In this instance, the memory address in question is 
1A30. At step 1112, processor 130 encrypts the memory 

2 0 address using the aforementioned second encryption 

algorithm, resulting in segment 910. Authorization code 
90 0 consisting of electronic signature 905 and encrypted 
reconfiguration segment 910 is fed to system 100 in a 
reconfiguration mode either by direct communications or a 

25 user entry. 

After receiving authorization code 900, unit 
210 at step 1203 in Fig. 12 decrypts segment 910 of 
authorization code 900 using the decryption algorithm 
inverse to the second encryption algorithm, thereby 

30 recovering the memory address 1A30. It should be noted 
that segment 910 starts from the (m+l) th bit of received 
authorization code 900. Unit 210 at step 1206 retrieves 
from memory 2 00 the bit value "1" corresponding to option 
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C at memory address 1A30. Unit 210 at step 1209 
overwrites the current bit value "0" corresponding to 
option C in option number buffer 243 with the retrieved 
bit value thereby activating option C. Unit 210 at 

5 step 1212 gathers items (i) through (v) in the manner 

described before, and reads from option number buffer 243 
the modified option number (vi) . Unit 210 at step 1215 
independently generates an electronic signature based on 
items (i) through (vi) in the manner described before. 

10 Unit 210 compares the resulting electronic signature with 
received electronic signature 905 of received 
authorization code 900, as indicated at step 1217. If 
they match, the authorization code is validated. 
Otherwise, an "Invalid Authorization Code" message would 

15 be displayed on computer 105, and generation of postage 
indicia would be halted as described before. 

Although the above processes involve only one 
feature option, i.e., option C, the processes similarly 
follow where two or more options need to changed at the 

20 same time. In that case, the memory addresses associated 
with the multiple options are concatenated and then 
encrypted using the second encryption algorithm, thereby 
generating encrypted reconfiguration segment 910. 
Accordingly, the length of segment 910 increases with the 

25 number of feature options to be changed. 

To keep segment 910 relatively short especially 
when multiple options need to be changed, in an 
alternative embodiment, segment 910 comprises an 
encrypted version of offset memory addresses, rather than 

30 full memory addresses, associated with the options. 
Referring briefly to Fig. 10, since the full memory 
address associated with each feature option 
illustratively starts with "1A, " unit 210 can be 
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programmed tO t assume that the first two nibbles of the 
option memory addresses are always W 1A" . Thus, when 
option A needs to be changed, only the offset address 
"2B" or W 2C" needs to be communicated using segment 910 
5 for enabling or disabling the option; when option B needs 
to be changed, only the offset address W 2D" or* W 2E" needs 
to be communicated using segment 910 for enabling or 
disabling the option; when option C needs to be changed, 
only the offset address "2F" or "30" needs to be 

10 communicated using segment 910 for enabling or disabling 
the option; and so on and so forth. 

In a second example where authorization code 
900 may be used, to save memory space in memory 200, the 
storage of "1" and u 0" values for each option as set 

15 forth in the memory map of Fig. 10 may be totally 

avoided. Since a change in each option involves changing 
the corresponding bit value in option number buffer 243 
to the opposite value, the encrypted reconfiguration 
segment 910 only needs to communicate the identities of 

2 0 the feature options which need to be changed. After 

learning the identities of such options based on segment 
910, unit 210 locate the bits in buffer 243 corresponding 
to the identified options and change their current bit 
values to the opposite values, respectively. 
25 Thus, in this second example, segment 910 is 

formed by encrypting codes identifying the respective 
options to be changed. Various designs of the codes are 
possible as long as each code uniquely identifies a 
respective option. For example, for the sake of 

3 0 convenience, the code identifying an option may represent 

the bit position corresponding to the option in buffer 
243. Thus, the code for option A may be n 01" 
representing the first bit position of buffer 243 
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correspon'ding to option A; the code for option B may be 
"02" representing the second bit position of buffer 243 
corresponding to option B; the code for option C may be 
"03" representing the third bit position of buffer 243 
corresponding to option C; and so on and so forth. 

Continuing the second example, let's say that 
feature options A and C need to be changed in this 
instance. Thus, system 100 is fed with authorization 
code 900 wherein electronic signature 905 is generated by 
processor 13 0 in data center 125 in the manner described 
before, and encrypted reconfiguration segment 910 
contains an encrypted version of the option codes "0103" 
in concatenation, where the option code "01" identifies 
option A and option code "03" identifies option C. 

As indicated at step 1303 in Fig. 13, unit 210 
first decrypts encrypted reconfiguration segment 910 of 
received authorization code 900, thereby recovering the 
option codes "0103". Based on a first option code "01" 
representing the first bit position in buffer 243 
corresponding to option A, which needs to be changed, 
unit 210 at step 1306 changes the current value of the 
first bit in buffer 243 to the opposite value. In 
addition, based on a second option code "03" which 
immediately follows "01" and which represents the third 
bit position in buffer 243 corresponding to option C, 
which needs to be changed, unit 210 at step 1309 changes 
the current value of the third bit in buffer 243 to the 
opposite value. Unit 210 at step 1312, similar to above- 
described step 1212, gathers items (i) through (v) , and 
reads from option number buffer 243 the modified option 
number (vi) . Unit 210 at step 1315, similar to above- 
described step 1215, independently generates an 
electronic signature based on items (i) through (vi) . 
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Unit 210 compares the resulting electronic signature with 
electronic signature 905 of received authorization code 
900, as indicated at step 1317 similar to above -described 
step 1217. If they match, the authorization code is 
validated. Otherwise, an "Invalid Authorization Code" 
message would be displayed on computer 105, and 
generation of postage indicia would be halted as 
described before. 

We have recognized that for loading new 
software on system 100 for a program upgrade ox: 
installation without changing feature options, 
authorization code 900 may consist of electron±c 
signature 905 only, i.e., encrypted reconfiguration 
segment having a zero length. In this illustrative 
embodiment, an array of memory addresses in memory 200 
are allocated to pre-store a quantity of possible version 
numbers of software, e.g., postage franking program 300. 
As shown in Fig. 14, for example, version number "1" is 
pre-stored at memory address 1B12; version number u 2" is 
pre-stored at memory address 1B13; version number w 3 is 
pre-stored at memory address 1B14; and so on and so 
forth. A version number pointer (not shown) in memory 
200 is used to indicate the memory location of the 
current software version number. Assuming that the 
current software version number is u 2", the pointer has a 
value of W 1B13" . 

The new software to be loaded onto system 10 0 
contains a header which in this instance includes the 
memory address at which the new software version number 
is pre-stored. Let's say the new version number is w 3" 
and the header thus contains the memory address W 1B14" . 

In granting the loading of new software onto 
system 10 0, processor 130 in data center 125 generates 
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authorization code 900 consisting of only electronic 
signature 905 based on items (a) through (f ) in the 
manner described before, where item <d) has the new 
software version number. Electronic signature 905 is 
5 provided to system 100 for later verification. 



system 100 via an online connection or a storage medium, 
unit 210 in PSD 110 at step 1503 in Fig. 15 changes the 
aforementioned version number pointer value to the memory 

10 address provided in the header of the new software, i.e., 
"1B14". As a result, the pointer indicates a new memory 
location containing the software version number "3". 
Unit 210 at step 1506 gathers items (i) through (iii) , 
(v) and (vi) , and reads from memory address 1B14 

15 indicated by the pointer the new software version number 
xx 3" as item (iv) . Unit 210 at step 1509, similar to 
above -described step 1215, independently generates an 
electronic signature based on items (i) through (vi) . 
Unit 210 compares the resulting electronic signature with 

20 received electronic signature 905, as indicated at step 
1511 similar to above -described step 1217. If they 
match, the authorization code is validated. Otherwise, 
an * invalid Authorization Code" message would be 
displayed on computer 105, and generation of postage 

25 indicia would be halted as described before. 



memory address communicated in the header of the new 
software may be an offset address, as well, e.g., xx 12" , 
"13", "14" . . ., rather than its full address, e.g., 
30 "1B12", ^1B13", W 1B14" . . . as it is understood that the 
two most significant nibbles of the full address are 
always "IB" . 



While the new software is being loaded onto 



It should be noted at this point that the 
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In addition, to save memory space in memory 
200, the storage of possible software version numbers as 
set forth in the memory map of Fig. 14 may be totally 
avoided, especially where the software version number 
5 always increments by one when new software is loaded onto 
system 100. In that case, a counter (not shown) in PSD 
110 may be used to keep track of the current software 
version number. Unit 210 may be programmed to be 
responsive to loading of new software onto system 100 to 

10 cause the counter to increment by one, thereby updating 
the software version number (iv) . After loading of the 
new software, unit 210 independently generates an 
electronic signature based on items (i) throughi (vi) . 
The generated electronic signature is compared with 

15 electronic signature 905 generated by data center 125 in 
part based on the new software version number in (d) . If 
they match, the loading of new software onto system 100 
is authorized. 

Because system 100 is configured as an open 

20 system, a user may freely load additional software onto 
computer 105, and add to system 100 hardware components, 
£*g-/ peripherals to computer 105. An advantage of 
adopting the open system configuration is that 
application software, other than postage generation 

25 program 300 described above, may be installed by the user 
on his/her own in computer 105 to interact with, say, 
program 3 00, to realize a more comprehensive mailing 
process. Such other application software may include, 
e.g., a billing program for charging postage t>ack to 

3 0 different accounts, an envelope program for pointing an 

address and a postage indicium on an envelope , an address 
cleansing program for correcting mailing addresses, etc. 
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On the other hand, because system 100 is 
configured as an open system, the integrity of the 
franking operation thereby may be jeopardized. For 
example, the user may load illegitimate software on 
5 computer 105 to interact with postage generation program 
3 00 to fraudulently print postage indicia. The user may 
also employ a printer of inferior quality to print 
substandard postage indicia, which are unreadable by an 
optical scanner. 

10 Thus, in accordance with an aspect of the 

invention, the f ranking-related hardware and software 
components in system 100 need to be pre-approved. To 
that end, the components by different vendors need to 
pass standardized tests to meet certain minimum 

15 requirements in, e.g., compatibility with a postage 

generation program in the franking system, print quality, 
tamper resistance, efficiency, durability, etc., to 
become approved. The pre-approved components may then be 
marketed to users for installation in their franking 

20 systems, e.g., system 100. The manner in which the pre- 
approval requirement of the software and hardware 
components is enforced when they interact with the 
postage generation program is fully described below. It 
suffices to know for now that each pre-approved software 

2 5 component includes a valid registration identifier which 

is necessary for the software component to interact with 
the postage generation program. Similarly, for each pre- 
approved hardware component (e.g., a printer), its 
utility software (e.g., printer driver software) 

3 0 interfacing the hardware component with the postage 

generation program also includes a valid registration 
identifier, which is necessary for it to interact with 
the postage generation program. 
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' In accordance with another aspect of the 
invention, a registration identifier is used to {1) 
identify a franking- related hardware or software 
component in a franking system configuration, (2) enforce 
the pre -approval requirement of such a hardware or 
software component. To achieve object (1), each pre- 
approved software component, and hardware component 
including its utility software is assigned a different 
registration identifier. A duplicate copy of the 
registration identifier is registered in memory 135 of 
data center 125. Thus, data center 125 includes in 
memory 135 a collection of registration identifiers 145 
which identify and are associated with different pre- 
approved components. The registration identifier 
collection is updated from time to time as additional 
software and hardware component pass the standardized 
tests and become approved. 

When each pre-approved component interacts with 
the postage generation program, the registration 
identifier in the component is compared with the 
registered registration identifier. If the two 
identifiers match or correspond, the component is 
verified to be pre-approved, thereby achieving object 
(2) . 

A pre-approved envelope program having a 
registration identifier for verification of its pre- 
approval status will now be described. This envelope 
program may be purchased from a third-party vendor and 
installed by the user in computer 105. Because of its 
pre-approval status, the envelope program includes 
therein a registration identifier which identifies the 
program. Pigs. 16A, 16B and 16C jointly illustrate the 
envelope program and interactions with postage generation 
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program 3 00 to print addresses and a postage indicium on 
an envelope. Instructed by such an envelope program, 
computer 105 elicits from the user the size of the 
envelope to be used for a mailpiece, as indicated at Step 
5 1603 in Fig. 16A. Computer 105 at step 1606 displays an 
image of the envelope having the specified size on its 
screen. Computer 105 at step 1609 prompts the user to 
type originating mailing address and destination mailing 
address at desired locations on the displayed envelope. 

10 Computer 105 at step 1612 prompts the user to indicate 
the desired location on the displayed envelope where a 
postage indicium is to be printed. Accordingly, the user- 
utilizes a mouse device to indicate the desired location 
which, in this instance, is the upper right corner of the 

15 envelope according to the postal authority regulations. 



draft option which enables the user to preview the 
envelope including a specimen indicium appearing at the 
user defined location before the envelope is printed. 
20 Thus, this option allows the user to check the format of 
the envelope and the relative placement of the address 
blocks, and postage indicium on the envelope before the 
user is committed thereto. 



25 printing of the envelope at step 1617, computer 105 at 
step 1618 generates a first ensemble of control 
characters indicating the position of the originating 
mailing address, a second ensemble of control characters 
indicating the position of the destination mailing 

30 address, and a third ensemble of control characters 

indicating the position of the postage indicium on the 
envelope. At step 1621, computer 105 inserts the first, 
second and third ensembles of control characters into the 



Computer 105 thereafter provides at step 1615 a 



After the user decides to proceed with the 
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data stream representative of the texts of the 
originating and destination mailing addresses, where the 
originating mailing address data is preceded by the first 
ensemble of control characters, and the destination 
mailing address data is preceded by the second ensemble 
of control characters. The resulting data stream is 
formatted pursuant to the protocol required by printer 
115. For example, 'if printer 115 is a printer 
manufactured by Hewlett-Packard Co., the data stream 
would be in accordance with the Hewlett-Packard printer 
control language (HP-PCL) . 

The envelope program proceeds from step 1621 to 
step 1623 in Fig. 16B where postage generation program 
3 00 described before is invoked* Upon such an 
invocation, unit 210 in PSD 110 is interrupted, and 
requests computer 105 to pass thereto a copy of the 
registration identifier in the envelope program for 
examination, as indicated at step 1624. If computer 105 
fails to produce a copy of the registration identifier, 
unit 210 causes computer 105 to display thereon an 
"Unauthorized Component" message, and prevents generation 
of any postage indicium, as indicated at step 1625* 

Otherwise, if computer 105 produces a. copy of 
the registration identifier of the envelope program, unit 
210 at step 1626 compares the registration identifier 
from computer 105 with each of registration identifiers 
245 in PSD 110, which are associated with the pre- 
approved components which have been verified at least 
once. At step 1627, unit 210 determines whether a 
corresponding registration identifier is found amongst 
registration identifiers 245. Assuming that ttiis is not 
the first time that the envelope program invokes program 
3 00, and the registration identifier of the envelope 
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program has been verified at least once, unit 210 in this 
instance finds the corresponding registration identifier 
amongst registration identifiers 245 , and proceeds to 
step 1642 in Fig, 16C described below. 
5 Otherwise, if the registration identifier of 

the envelope program has never been verified, unit 210 
fails to find a corresponding registration identifier 
amongst registration identifiers 245. Unit 210 then 
causes modem 120 to establish at step 1628 a 

10 communication connection with data center 125. jUnit 210 
transmits at step 1629 the serial number of PSD 110 and 
copy of the registration identifier of the envelope 
program to data center 125 where processor 13 0 at step 
1630 compares the received registration identifier with 

15 each of registration identifiers 145 in data center 125, 
which as mentioned before consist of the registration 
identifiers of all pre-approved components ever. 
Processor 13 0 at step 1631 determines whether a 
corresponding registration identifier is found amongst 

20 registration identifiers 145. 

Since in this instance, the envelope program is 
pre-approved, processor 130 locates a corresponding 
registration identifier amongst registration identifiers 
145. Processor 130 recognizes that the envelope program 

25 identified by the corresponding registration identifier 
is being run on system 100, which is identified by the 
received serial number of PSD 110. Accordingly, 
processor 13 0 at step 1633 updates the record of system 
100 in database 140 to also include in field 165 thereof 

30 an indication that the envelope program is now part of 
the configuration of system 100. Processor 130 then at 
step 1636 returns the copy of the registration identifier 
of the envelope program to unit 210, with an 



WO 99/66422 



PCT/US99/13488 



-35- 

acknowledgment that such a registration identifier is 
valid, and then terminates the communication connection. 
In response, unit 210 at step 1639 in Fig. 16C adds the 
returned registration identifier to registration 
5 identifiers 245 in PSD 110 for subsequent verification, 
obviating the need to have processor 13 0 involved in the 
subsequent verification of such a registration 
identifier. Unit 210 then goes on to help generate a 
postage indicium, as indicated at step 1642. 

10 Otherwise, if processor 130 at step 1631 fails 

to locate a corresponding registration identifier amongst 
registration identifiers 145, processor 130 at step 1645 
in Fig. 16B returns only a negative acknowledgement that 
the received registration identifier is invalid, and 

15 terminates the communication connection. In response to 
the negative acknowledgement, unit 210 returns to step 
1625 . 

After step 1642 in Fig. 16C and execution of 
program 3 00, a print image of an appropriate postage 

20 indicium is prepared. At step 1648 a printer driver 

program associated with printer 115 is invoked to print 
the originating and destination addresses, and postage 
indicium on an envelope fed to printer 115, As the 
printer driver program interacts with program 3 00 to 

25 receive the print image of the postage indicium resulting 
from program 300, printer 115 including the printer 
driver program needs to be pre-approved. As such, upon 
the invocation of the printer driver program, unit 210 in 
PSD 110 is interrupted, and requests computer 105 to pass 

3 0 thereto a copy of the registration identifier in the 

printer driver program for examination, as indicated at 
step 1651. If computer 105 fails to produce a copy of 
such a registration identifier, unit 210 denies the 
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printer driver program of the print image of the postage 
indicium, as indicated at step 1654 . 

Otherwise, if computer 105 produces a copy of 
the registration identifier, unit 210 at step 1657 
compares the registration identifier from computer 105 
with each of registration identifiers 245 in PSD 110 
which, as mentioned before, are associated with the pre- 
approved components which have been verified at least 
once. Assuming that this is not the first time that the 
printer driver program is invoked to print a postage 
indicium, and the registration identifier of the printer 
driver program has been verified at least once, unit 210 
in this instance locates at step 1660 the corresponding 
registration identifier amongst registration identifiers 
245. The printer driver program is provided with the 
print image of the postage indicium, as indicated at step 
1663. At step 1667, printer 115 prints on the provided 
envelope the originating and destination addresses and 
the postage indicium at the user defined positions, based 
on the aforementioned data stream from computer 105 and 
the print image of the postage indicium. 

Otherwise, if at step 1660 unit 210 fails to 
locate the corresponding registration identifier, 
processor 13 0 would be involved in verifying the 
registration identifier with the steps similar to steps 
1628 through 1631, and 1633, 1636, 1639 and 1645 
described before, which are not repeated here. 

It is apparent from the disclosure heretofore 
that database 140 in data center 125 has records of 
configurations of all of the franking systems served by 
center 125. In particular, field 165 of each record 
pertaining to a respective franking system includes 
configuration information concerning, among others, the 
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hardware configuration of the computer (i.e., item (b) ) , 
the enabled or disabled options (i.e., item (f ) ) , the 
version of the postage generation program (i.e. , item 
(d) ) , and other hardware and software components 
interacting with the postage generation program in the 
franking system. Such information in database 140 can be 
used by a postal authority to effectively monitor and 
control the configurations of individual franking systems 
in the field. 

The foregoing merely illustrates the principles 
of the invention. It will thus be appreciated that those 
skilled in the art will be able to devise numerous other 
arrangements which embody the principles of the invention 
and are thus within its spirit and scope. 

For example, to further deter unauthorized 
reconfiguration of system 100, the encryption algorithms 
for generating authorization codes may be changed from 
time to time. The new algorithms may easily be 
downloaded from data center 12 5 during a software upgrade 
in computer 105, or during a TMS transaction with data 
center 125 . The memory locations in the memory maps of 
Figs. 10 and 14 may be changed from time to time, as 
well . 

In addition, in the illustrative embodiment, 
the memory of computer 105 is distinguished from memory 
2 00 in PSD 110. However, the memory spaces in the two 
memories may be interchangeable in that some or all of 
the memory contents in memory 200 may be stored in the 
memory of computer 105, and vice versa. Similarly, some 
or all of the tasks performed by processing unit 210 in 
PSD 110 in the illustrative embodiment may be performed 
by computer 105, and vice versa. 
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Finally, the illustrative embodiment of the 
invention is disclosed herein in a form in which various 
franking and communications functions are performed by 
discrete functional blocks. These functional blocks may 
be implemented in various ways and combinations using 
logic circuitry and/or appropriately programmed 
processors, as will be known to those skilled in the art. 
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Claims 

1. A franking system comprising: 

a memory for storing a software component for 
generating at least one postage indicium; 

a device for receiving an authorization code which 
is derived from at least information concerning the 
software component; and 

a processing unit for verifying at least part of the 
authorization code to detect any change in the software 
component before the at least one postage indicium is 
generated . 

2. The system of claim 1 wherein the information 
represents a version number of the software component . 

3 . The system of claim 2 further comprising a counter 
for keeping track of the version number of the software 
component . 

4. The system of claim 2 wherein memory locations are 
allocated in the memory for storing a plurality of 
version numbers of the software component, respectively, 
the version number of the software component being 
indicated as stored at one of the memory locations. 

5. The system of claim 1 wherein the information is 
obtained from running a predetermined algorithm on code 
of the software component. 

6. The system of claim 5 wherein the information 
includes error checking information. 
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7. The system of claim G wherein the error checking 
information includes cyclic redundancy check (CRC) bits. 

8 . The system of claim 6 wherein the error checking 
information includes a checksum. 

9. The system of claim 1 further comprising a computer: 
where the memory is in, wherein the authorization code ±s 
also derived from an identity of the computer. 

10. The system of claim 9 wherein the identity of the 
computer includes a serial number thereof . 

11. The system of claim 1 further comprising a postal 
security device (PSD) where the processing unit is in, 
wherein the authorization code is also derived from an 
identity of the PSD. 

12. The system of claim 11 wherein the identity of the 
PSD includes a serial number thereof . 

13. A franking system comprising: 

a memory for storing a software component for 
generating at least one postage indicium; 

a buffer for storing an authorization code which is 
derived from at least information concerning a 
configuration of the system; and 

a processing unit for verifying at least part of the 
authorization code before the at least one postage 
indicium is generated to detect any change in the 
configuration of the franking system. 
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14. The system of claim 13 further comprising software 
components for providing feature options in the system 
which are selectively enabled, wherein the configuration 
concerns at least a setting of the feature options. 

15. The system of claim 13 wherein the configuration 
concerns at least a version of the software component. 

16. The system of claim 13 further comprising a device 
for maintaining a postage fund for postage dispensation 
in the system, wherein the processing unit is within the 
device . 

17. The system of claim 16 wherein the authorization 
code is also derived from an identity of the device. 

18. The system of claim 17 wherein the identity of the 
device includes a serial number thereof . 

19. The system of claim 13 further comprising a computer 
where the memory is in, wherein the authorization code is 
also derived from an identity of the computer. 

20. The system of claim 19 wherein the identity of the 
computer includes a serial number thereof. 

21. A franking system for generation of postage indicia, 
the system having a plurality of feature options which 
may be enabled, the system comprising: 

a device for receiving an authorization code which 
is generated outside the system in response to a request 
for a selected setting of the feature options different 
from a current setting thereof, the authorization code 
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comprising a code segment and a data segment, the code 
segment being derived from at least information 
concerning the selected setting of the feature options, 
the data segment containing data concerning one or more 
5 of the feature options ; 

a buffer for effecting the selected setting of the 
feature options based on the data; and 

a processing unit for verifying the code segment to 
determine whether generation of postage indicia based on 
10 the selected setting of the feature options is allowed. 

22 , The system of claim 21 wherein the data includes the 
information concerning the setting of the feature 
options . 

15 

23 . The system of claim 21 wherein the data is 
encrypted. 

24. The system of claim 21 wherein the selected setting 
20 of the feature options involves changing one or more of 

the feature options, with respect to the current setting 
of the feature options, the length of the data segment 
being a function of a quantity of the one or more of the 
feature options. 

25 

25. The system of claim 24 wherein the data indicates 
memory addresses which are associated with the one or 
more of the feature options, respectively, a value being 
stored at each memory address and the feature option 

3 0 associated with the memory address is changed to the 
value. 
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26. The system of claim 25 wherein the data includes 
offset memory addresses which are associated with the one 
or more of the feature options, respectively. 

27. The system of claim 24 wherein the data identifies 
the one or more of the feature options. 

28. A franking system comprising: 

a first memory for storing a first software 
component for realizing at least one postage indicium; a 
second software component being stored in the first 
memory for interacting with the first software component, 
the second software component including a selected 
identifier; 

a second memory for storing a plurality of 
identifiers; and 

a processing unit for determining whether one of the 
plurality of identifiers corresponds to the selected 
identifier in the second software component when the 
second software component interacts with the first 
software component, the at least one postage indicium 
being realized only when one of the plurality of 
identifiers corresponds to the selected identifier. 

29. The system of claim 28 further comprising a device 
for maintaining a postage fund for postage dispensation 
in the system, wherein the second memory is within the 
device . 

30. The system of claim 28 wherein the selected 
identifier identifies the second software component. 
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31. The system of claim 28 further comprising at least 
one hardware component, wherein the second software 
component includes utility software for interfacing the 
first software component with the at least one hardware 
component . 

32. A system for reconfiguring a franking apparatus for 
generating postage indicia, the franking apparatus 
including a device for maintaining a postage fund for 
postage dispensation in the franking apparatus, the 
system comprising: 

a memory for storing a value of an account for 
replenishing the postage fund in the franking apparatus; 
and 

a processor for reconfiguring the franking 
apparatus, a reconfiguration of the franking apparatus 
incurring a cost, the value of the account being adjusted 
to account for the cost, the value of the postage fund in 
the franking apparatus being unaffected by the 
reconfiguration . 

33. The system of claim 32 wherein the franking 
apparatus is remotely reconfigured through a 
communication connection . 



34. The system of claim 32 wherein the reconfiguration 
of the franking apparatus concerns at least a setting of 
feature options in the franking apparatus. 

35. The system of claim 32 wherein the reconfiguration 
of the franking apparatus concerns at least a version of 
a software component in the franking apparatus. 
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36. The system of claim 32 wherein the memory also 
stores information concerning a current configuration of 
the franking apparatus . 

37. The system of claim 36 wherein the processor causes 
transmission of a menu to the franking apparatus for the 
reconfiguration thereof, the menu being generated based 
on the information ^ 

38. A method for use in a franking system comprising.* 
storing a software component for generating at least 

one postage indiciums- 
receiving an authorization code which is derived 

from at least information concerning the software 

component ; and 

verifying at least part of the authorization code to 

detect any change in the software component before the at 

least one postage indicium is generated. 

39. The method of claim 38 wherein the information 
represents a version number of the software component. 

40. The method of claim 39 further comprising keeping 
track of the version number of the software component 
using a counter in the system. 

41. The method of claim 39 further comprising allocating 
memory locations to store a plurality of version numbers 
of the software component, respectively, the version 
number of the software component being indicated as 
stored at one of the memory locations. 
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42. The method of claim 38 wherein the information is 
obtained from running a predetermined algorithm on code 
of the software component. 

4 3 . The method of claim 42 wherein the information 
includes error checking information. 

4 4 . The method of claim 4 3 wherein the error checking 
information includes CRC bits. 

45. The method of claim 4 3 wherein the error checking 
information includes a checksum. 

46. The method of claim 38 wherein the authorization 
code is also derived from an identity of a computer in 
the system. 

47. The method of claim 46 wherein the identity of the 
computer includes a serial number thereof. 

48. The method of claim 38 wherein the authorization 
code is also derived from an identity of a PSD in the 
system. 

49. The method of claim 38 wherein the identity of the 
PSD includes a serial number thereof . 

50. A method for use in a franking system comprising: 
storing a software component for generating at least 

one postage indicium; 

storing an authorization code which is derived from 
at least information concerning a configuration of the 
system; and 
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verifying at least part of the authorization code 
before the at least one postage indicium is generated to 
detect any change in the configuration of the franking 
system. 

5 

51. The method of claim 50 further comprising providing 
feature options in the system which are selectively 
enabled, wherein the configuration concerns at least a 
setting of the feature options. 

10 

^3 52. The method of claim 50 wherein the configuration 
]r\ concerns at least a version of the software component. 

;si 53. The method of claim 50 wherein the authorization 
S code is also derived from an identity of a device for 

maintaining a postage fund for postage dispensation in 
l^l the system. 

R 54 . The method of claim 53 wherein the identity of the 
S3) device includes a serial number thereof. 

55. The method of claim 50 wherein the authorization 
code is also derived from an identity of a computer. 

25 56. The method of claim 55 wherein the identity of the 
computer includes a serial number thereof . 

57. A method for use in a franking system for generation 
of postage indicia, the system having a plurality of 
30 feature options which may be enabled, the method 
comprising: 

receiving an authorization code which is generated 
outside the system in response to a request for a 
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selected setting of the feature options different from a 
current setting thereof, the authorization code 
comprising a code segment and a data segment, the code 
segment being derived from at least information 
5 concerning the selected setting of the feature options, 
the data segment containing data concerning one or more 
of the feature options; 

effecting the selected setting of the feature 
options based on the data; and 
10 verifying the code segment to determine whether 

generation of postage indicia based on the selected 
/?! setting of the feature options is allowed, 

?y 58. The method of claim 57 wherein the data includes the 

]l^L5 information concerning the setting of the feature 
options . 

J y 59. The method of claim 57 wherein the data is 
|y encrypted. 

Jio 

60. The method of claim 57 wherein the selected setting 
of the feature options involves changing one or more of 
the feature options, with respect to the current setting 
of the feature options, the length of the data segment 

25 being a function of a quantity of the one or more of the 
feature options . 

61. The method of claim 60 wherein the data indicates 
memory addresses which are associated with the one or 

30 more of the feature options, respectively, a value being 
stored at each memory address and the feature option 
associated with the memory address is changed to the 
value . 
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62 . The method of claim 61 wherein the data includes 
offset memory addresses which are associated with the one 
or more of the feature options, respectively. 

63. The method of claim 57 wherein the data identifies 
the one or more of the feature options. 

64. A method for use in a franking system comprising: 
storing a first software component for realizing at 

least one postage indicium; 

storing a second software component for interacting 
with the first software component, the second software 
component including a selected identifier; 

storing a plurality of identifiers ; 

determining whether one of the plurality of 
identifiers corresponds to the selected identifier in the 
second software component when the second software 
component interacts with the first software component; 
and 

realizing the at least one postage indicium when one 
of the plurality of identifiers corresponds to the 
selected identifier . 

65. The method of claim 64 wherein the selected key 
identifies the second software component. 

66. The method of claim 64 wherein the second software 
component includes utility software for interfacing the 
first software component with at least one hardware 
component in the system . 
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67. A method for reconfiguring a franking apparatus for 
generating postage indicia, the franking apparatus 
including a device for maintaining a postage fund for 
postage dispensation in the franking apparatus, the 
5 method comprising : 

storing a value of an account for replenishing the 
postage fund in the franking apparatus; 

reconfiguring the franking apparatus, a 
reconfiguration of the franking apparatus incurring a 
10 cost ; and 

adjusting the value of the account to account for 
the cost, the value of the postage fund in the franking 
apparatus being unaffected by the reconfiguration. 

15 68. The method of claim 67 wherein the franking 
apparatus is remotely reconfigured through a 
communication connection. 

69. The method of claim 67 wherein the reconfiguration 
2 0 of the franking apparatus concerns at least a setting of 

feature options in the franking apparatus. 

70. The method of claim 67 wherein the reconfiguration 
of the franking apparatus concerns at least a version of 

25 a software component in the franking apparatus. 

71. The method of claim 67 further comprising storing 
information concerning a current configuration of the 
franking apparatus . 

30 

72. The method of claim 71 further comprising 
transmitting a menu to the franking apparatus for the 
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reconf igur'atiqn thereof, the menu being generated based 
on the information. 
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SUPPLEMENTAL DECLARATION (37 C.F.R. § 1.67(b)) 



(complete the following where a supplemental declaration is being submitted) 

□ I hereby declare that the subject matter of the 

□ attached amendment 

□ amendment filed on 

was part of my/our invention and was invented before the filing date of the original 
application, above-identified, for such invention. 

ACKNOWLEDGEMENT OF REVIEW OF PAPERS AND DUTY OF CANDOR 

I hereby state that I have reviewed and understand the contents of the above-identified 
specification, including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information, which is material to patentability as 
defined in 37, Code of Federal Regulations, § 1 .56, 

(also check the following items, if desired) 

E and which is material to the examination of this application, namely, information 
where there is a substantial likelihood that a reasonable Examiner would consider 
it important in deciding whether to allow the application to issue as a patent, 
and 

□ in compliance with this duty, there is attached an information disclosure 
statement, in accordance with 37 CFR 1.98. 

PRIORITY CLAIM (35 LLS.C. §§ 119(aHd)) 

NOTE: "The claim to priority need be in no special form and may be made by the attorney or agent if the foreign 
application is referred to in the oath or declaration as required by § 1.63. The claim for priority and 
the certified copy of the foreign application specified in 35 U.S.C 119(b) must be died in the case of 
an interference (§ 1.63Q), when necessary to overcome the date of a reference relied upon by the 
examiner, when specifically required by the examiner, and in ail other situations, before the patent is 
granted, tf the claim for priority or the certified copy of the foreign application is filed after the date 
the issue fee is paid, it must be accompanied by a petition requesting entry and by the fee set forth 
in § 1.17(0. if the certified copy is not in the English language, a translation need not be filed except 
in the case of interference; or when necessary to overcome the date of a reference relied upon by the 
examiner; or when specifically required by the examiner, in which event an English language translation 
must be Hied together with a statement that the translation of the certified copy is accurate.' 37 Q.F.R. 
§ 1.55(a). 

I hereby claim foreign priority benefits under Title 35, United States Code, §§ 119(a)-(d) 
of any foreign application(s) for patent or inventor's certificate or of any PCT international 
application® designating at least one country other than the United States of America listed 
below and have also identified below any foreign applications) for patent or inventor's 
certificate or any PCT international application(s) designating at least one country other than 
the United States of America filed by me on the same subject matter having a filing date 
before that of the application® of which priority is claimed. 

(complete (d) or (e)) 

(d) □ no such applications have been filed. 

(e) C2 such applications have been filed as follows. 

NO TE: Where item (c) is entered above and the Internationa} Application which designated the U.S. itself claimed 
priority check item (e), enter the details below and make the priority claim. 
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SPECIFICATION IDENTIFICATION 

the specification of which: 

(complete (a), (b), or (c)) 

(a) □ is attached hereto, 

NOTE: m The following combinations of information supplied in an oath or declaration filed on the application 
filing date with a specification are acceptable as minimums fcr identifying a specification and compliance 
with any one of the items below will be accepted as complying with the identification requirement of 
37 CFR 1.63: 

'(1) name of inventor(s) r and reference to an attached specification which is both attached 
to the oath or declaration at the time of execution and submitted with the oath or declaration 

on filing: 

m (2) name of inventcrfs), and attorney docket number which was on the specification as filed: 

or 

'(3) name of inventorfs), and title which was on the specification as filed. * 
Notice of My 13. 1995 (1177 O.G. 60). 

(b) □ was filed on , as □ Serial No, 0 / 

or □ 

and was amended on Qf applicable). 

NOTE: Amendments filed after the criginai papers are deposited with the PTO that contain new matter are 
not accorded a filing date by being referred to in the declaration. Accordingly, the amendments involved 
are those filed with the application papers or, in the case of a supplemental declaration, are those 
amendments claiming matter not encompassed in the original statement of invention or claims. See 
37 CFR 1.67. 

NOTE: m The following combinations of infonrtation supplied in an oath or declaration filed after the filing date 
are acceptable as minimums for identifying a specification and compliance with any one of the items 
below will be accepted as complying with the identification requirement of 37 CFR 1.63: 

m (1) name of inventors), and application number (consisting of the series code and the serial 
number, e.g.,08/1 23,456); 

m (2) name of inventors), serial number and filing date; 

m (3) name of inventors) and attorney docket number which was on the specification as fifed; 

"(4) name of inventonjs), title which was on the specification as filed and filing date; 

"(5) name of inventorfs), titie which was on the specification as filed and reference to an 
attached specification which is both attached to the oath or declaration at the time of execution 
and submitted with the oath or declaration; or 

m (6) name of inventors), titie which was on the specification as filed and accompanied by 
a cover letter accurately identifying the application for which it was intended by either the 
application number (consisting of the series code and the serial number; e.g. ,08/1 23,456), or 
serial number and fifing date. Absent any statements) to the contrary, it will be presumed that 
the application filed in the PTO is the application which the inventorfs) executed by signing 
the oath or declaration. 9 

Notice of July 13, 1995 (1177 O.G. 60). 

(c) Q was described and claimed in PCT International Application No. 

PCT/I1S99/134S3 , filed on iWrnS- 1999 and as 

amended under PCT Article 19 on (if any). 
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Practitioner*. Docket Ho. 770P009579-US(PCT) 



PATENT 



COMBINED DECLARATION AND POWER OF ATTORNEY 

(ORIGINAL, DESIGN, NATIONAL STAGE OF PCT f SUPPLEMENTAL, DIVISIONAL, 

CONTINUATION, OR C-l-P) 

As a below named inventor, I hereby declare that: 

TYPE OF DECLARATION 

This declaration is of the following type: 

(check one applicable item below) 

□ original. 

□ design. 

□ supplemental. 

NOTE' if the declaration is for an International Application being filed as a divisional, continuation or 
continuation-in-part application t do not check next item; check appropriate one of last three items. • 

OB national stage of PCT. 

NOTE: if one of the following 3 items apply, then complete and also attach ADDED PAGES FOR DIVISIONAL, 
CONTINUATION OR C-/-P. 

NOTE: See 37 C.F.R. § 1.63(d) (continued prosecution application) for use of a prior nonprovisional application 
declaration in the continuation or divisional application being filed on behalf of the same or fewer of 
the inventors named in the prior application. 

□ divisional. 

□ continuation. 

NOTE: Where an application discloses and claims subject matter not disclosed in the prior application, or a 
* continuation or divisional application names an inventor not named in the prior application, a 
continuation-in-part application must be Hied under 37 C.F.R. § 1.53(b) (application filing requirements 
— nonprovisional application). 

□ continuation-in-part (C-l-P). 

INVENTORSHIP IDENTIFICATION 

WARNING: If the inventors are each not the inventors of ail the claims, an explanation of the facts, including 
the ownership of all the claims at the time the last claimed invention was made, should be submitted. 

My residence, post office address and citizenship are as stated below, next to my name. 
I believe that I am the original, first and sole inventor (if only one name is listed below) or 
an original, first and joint inventor (if plural names are listed below) of the subject matter 
that is claimed, and for which a patent is sought on the invention entitled: 

TITLE OF INVENTION 

TECHNIQUE FOR SECURING A SYSTEM CONFIGURATION OF A POSTAGE FRANKING SYSTEM 



III ■■ ■ ■■ I ~ .11 | ... I.. — , 
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ALL FOREIGN APPLICATION(S), IF ANY, FILED MORE THAN 12 MONTHS 
(6 MONTHS FOR DESIGN) PRIOR TO THIS U.S. APPLICATION 



PCT/US99/13488 filed 15 June 1999 

United States - 60/089,212 filed 15 Oune 1998 

NOTE: If the application filed more than 12 months from the filing date of this application is a PCT fding forming 
the basis for this application entering the United States as (1) the national stage, or 0 a continuation, 
divisional, or continuation-in-part, then also complete ADDED PAGES TO COMBINED DECLARATION 
AND POWER OF ATTORNEY FOR DIVISIONAL, CONTINUATION OR C-/-P APPLICATION tor benefit 
of the prior US. or PCT application® under 35 U.S.C § 120. 

POWER OF ATTORNEY 

I hereby appoint the following practitioners) to prosecute this application and transact 
all business in the Patent and Trademark Office connected therewith. 

(list name and registration number) 

Clarence A. Green (24,622) 
Mark F. Harrington % (31,686) 
Janik Marcovici (42,841) 

(check the following item, if applicable) 

g) I hereby appoint the practitioners) associated with the Customer Number pro- 
vided below to prosecute this application and to transact ad business in the 
Patent and Trademark Office connected therewith. 

□ Attached, as part of this declaration and power of attorney, is the authorization 
of the above-named practitioner® to accept and follow instructions from my 
representative®. 



SEND CORRESPONDENCE TO 

[£] Address 

Clarence A. Green 
PERMAN & GREEN, LLP 
425 Post Road 
Fairfield, CT 06430 

□ Customer Number 



DIRECT TELEPHONE CALLS TO: 
(Name and telephone number) 



Clarence A. Green 
UU3) 259-1800 
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PRIOR FORE1GH/PCT APPLICATION(S) FILED WITHIN 12 MONTHS 
(6 MONTHS FOR DESIGN] PRIOR TO THIS APPLICATION 
AND ANY PRIORITY CLAIMS UNDER 35 U-S.C. § 119{*Hd) 



COUNTRY (OR 
INDICATE IF 
PCT) 


APPLICATION NUMBER 


DATE OF FILING 
(day, month, year) 


PRIORITY CLAIMED 
UNDER 37 USC 119 








□ YES NO □ 








□ YES NOD 








□ YES NO □ 








□ YES NO □ 








□ YES NOD 



CLAIM FOR BENEFIT OF PRIOR U,S. PROVISIONAL APPLICATION(S) 

(34 U.S.C. § 119(e)) 

I hereby claim the benefit under Title 35, United States Code, § 119(e) of any United 
States provisional application(s) listed below: 



PROVISIONAL APPLICATION NUMBER FILING DATE 

/ 

/ 

./ 

CLAIM FOR BENEFIT OF EARLIER US/PCT APPLICATION(S) 
UNDER 35 U.S.C. 120 

□ The claim for the benefit of any such applications are set forth in the 
attached ADDED PAGES TO COMBINED DECLARATION AND POWER OF 
ATTORNEY FOR DIVISIONAL, CONTINUATION OR CONTiNUATION-IN 
PART (C-l-P) APPLICATION. 
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(check proper box(e$) for any of the following added page(s) 
that form a part of this declaration) 

Signature for fourth and subsequent joint inventors* Number of pages added 

1 



□ Signature by administrator(trix) f executor(trix) or legal representative for de- 
ceased or incapacitated inventor. Number of pages added 

» • * 

□ Signature for inventor who refuses to sign or cannot be reached by person 
authorized under 37 CFR 1.47. Number of pages added 



□ Added page for signature by one joint inventor on behalf of deceased inventors) 
where legal representative cannot be appointed in time. (37 CFR 1.47) 



□ Added pages to combined declaration and power of attorney for divisional, 
continuation, or continuation-in-part (C-I-P) application. 

□ Number of pages added 



□ Authorization of practitioners) to accept and follow instructions from representa- 
tive. 



(if no further pages form a part of this Declaration, 
then end this Declaration with this page and check the following item) 

EX This declaration ends wfth this page. 
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DECLARATION 



I hereby declare that all statements made herein of my own knowledge are true and that 
all statements made on information and belief are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made 
are punishable by fine or imprisonment, or both, under Section 1 001 of Title 1 8 of the United 
States Code, and that such willful false statements may jeopardize the validity of the 
application or any patent issued thereon. 

SIGNATURE(S) 

NOTE: Carefully indicate the family (or last) name, as it should appear on the filing receipt and all other 
documents. 

Full name of sole or first inventor 

G SCHWARTZ 

J^SUmE] ^ 0 (M^U^mTtyLfiR NAMJ^ FAMILY (OR USTi 

Inventor's signature 





Date lOflflob Country of Citizenship Un1ted Stat ~ e * _ 
Residence 191 Linden Avenue, .Branfordj Connecticut 06405 USA [ ' / 
Post Office Address 191 Linden Avenu e, Branford, Connecticut 06405 USA_ 



Full name of second joint inventor, if any 

fierusqfr- 



BR00KNER 




(GIVES NAME) 

Inventor's signature 
Date ~> ^ zL 



untry of Citizenship 



Residence . 
Post Office Address 



y ~ W V^PU.tU/ V. ' 

11 Surrey Drive j Norwalk| Connecticut 06851 USA 



United States 

T 



11 Surrey Drive, Norwalk, Connecticut 06851 



USA 



Full name of third joint inventor, if any 

^ , ESKANDARI 
Fetneh 

^ Inventor's signature 
Date \e f? 6/ 

Residence 1 A * 1 anp J Miririletownl Conn ecticut 064$7 — LIS/L 

Post Office Address 144l)ove Lane, Middletown, Connecticut 06457 USA 



J 
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Practitioner's Docket No. 



770P009579-US(PCT) 



ADDED PAGE TO COMBINED DECLARATION AND POWER OF 
ATTORNEY FOR SIGNATURE BY FOURTH AND SUBSEQUENT INVENTORS 



Full name of fourth joint inventor, if any 
Allen. — A, 



CROWE 



GIVEN NAME 

Inventor's signature 

UQ Date 



MlQpLE INITIAL OR NAME 



FAMILY (OR LAST NAME) 



Country of Citizenship . 



Residence 76 Klein Drive, j Prospect, (Connecticut 06712 USA C - ( 
76 Klein Drive, Prospect, Connecticut, 06712 USA 



Post Office Address . 



Full name of fifth joint inventor, if any 

Mark -- E. SIMCIK 



Inventor's signature . 



\ GIVEN NAME JvllDDJ-E iNnrKpOTTOTWE" ^ ~ FAMILY (OR LABTT1AME) 



c; Date Z^' Oct-ZMh Country of Citizenship LLSfl ^ -p 

O Residence 141 Park Avenue J Bloomfield J Connecticut 06002 USA V— I 
Post Office Address 141 Park Avenue, Bloomfield, Connecticut 06002 USA 



Full name of sixth joint inventor, if any 

GIVEN NAME MIDDLE INITIAL OR NAME FAMILY (OR LAST NAME) 

Inventor's signature _ 

Date Country of Citizenship 

Residence 

Post Office Address 



(Added Page to Combined Declaration and Power of Attorney for Signature by Fourth and Subsequent 

Inventors [1-2]) 



